Kohana provides classes that make it easy to work with both cookies and sessions. At a high level both sessions and cookies provide the same functionality. They allow the developer to store temporary or persistent information about a specific client for later retrieval, usually to make something persistent between requests.

Sessions should be used for storing temporary or private data. Very sensitive data should be stored using the Session class with the "database" or "native" adapters. When using the "cookie" adapter, the session should always be encrypted.

Stores session data in a cookie using the Cookie class. Sessions will have a 4KB limit when using this adapter, and should be encrypted.

The default adapter can be set by changing the value of Session::$default. The default adapter is "native".

To access a Session using the default adapter, simply call Session::instance(). To access a Session using something other than the default, pass the adapter name to instance(), for example: Session::instance('cookie')

Session Adapter Settings

You can apply configuration settings to each of the session adapters by creating a session config file at APPPATH/config/session.php. The following sample configuration file defines all the settings for each adapter:

As with cookies, a "lifetime" setting of "0" means that the session will expire when the browser is closed.